Research On Network Security Events Warning System

Posted on: 2013-03-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q Lu
GTID: 2248330371973772
Subject: Computer application technology

Abstract/Summary:
In recent years, with the development of network technology and the evolution of cloud technology, the network has become several huge, complex and connected networks. The most prominent security management problem in such a huge network is that network managers fail to notice the various security events in time and fail to respond to abnormal events in time.

At present, the major security event detection systems basically detect at the level of network structure, for example data flow feature detection, which detects security incidents through abnormal changes in network flow. However, some network security events do not show significant abnormal flow on a single link, and this causes many false alarms and missed detections. Deep packet inspection examines packet payloads and matches them against specified patterns, but it cannot detect security incidents through dynamic changes in the whole network, and it consumes a lot of resources. It can only inspect and test the packet itself.

This paper presents a composite security incident detection method. It combines data flow feature detection, which detects the security status of the network at the macroscopic level, with deep packet inspection, which detects the detailed features of packets for some specific security events. This method can greatly improve the accuracy of security event detection and reduce false alarms and missed detections.

The composite detection method first performs data flow pattern matching. If the number of matched rules reaches a certain threshold, a daemon activates the deep packet inspection process and passes it the corresponding five-tuple; that process captures packets from the specific flow and matches them against the corresponding regular expressions. The result is finally written to the database and early warning information is generated. This paper also presents a network security system based on a modular structure: the functions of the security system are separated into several independent modules, which can be updated and installed online through an application store. This provides convenient and satisfactory solutions for users.

In this paper, a security event warning system for large networks is designed and implemented using the composite detection method. In the experiment the system was deployed in the Tian Jin educational network, where it successfully found network security incidents, which proves the effectiveness of the method. The system makes network security incident warning more accurate and intuitive, and adds to the means of security event warning in a large network.
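The two-stage flow the abstract describes (flow rules, a match threshold, then regular-expression matching on packets of the flagged five-tuple) can be sketched as follows. This is an added example, not code from the thesis: the flow rules, the threshold value, the payload patterns and the sample data are all assumptions constructed for illustration.

```python
import re
from collections import namedtuple

FiveTuple = namedtuple("FiveTuple", "src dst sport dport proto")

# Stage 1: flow-level rules (hypothetical; the abstract does not list its rules).
FLOW_RULES = {
    "high_packet_rate": lambda f: f["pkts"] / f["secs"] > 500,
    "small_avg_packet": lambda f: f["bytes"] / f["pkts"] < 80,
    "syn_heavy":        lambda f: f["syn"] / f["pkts"] > 0.5,
}
THRESHOLD = 2  # assumed: number of rules that must match before DPI is activated

# Stage 2: payload signatures (constructed for this example).
DPI_PATTERNS = {
    "sql_injection": re.compile(rb"(?i)union\s+select"),
    "path_traversal": re.compile(rb"\.\./\.\./"),
}

def flow_stage(flow):
    """Return the names of the flow rules this flow record matches."""
    return [name for name, rule in FLOW_RULES.items() if rule(flow)]

def dpi_stage(five_tuple, packets):
    """Inspect only the packets that belong to the given five-tuple."""
    hits = set()
    for tup, payload in packets:
        if tup == five_tuple:
            hits.update(n for n, rx in DPI_PATTERNS.items() if rx.search(payload))
    return sorted(hits)

def detect(flows, packets):
    """Run stage 1 on every flow; run stage 2 only where the threshold is met."""
    alerts = []  # stands in for the results database
    for tup, stats in flows.items():
        matched = flow_stage(stats)
        if len(matched) < THRESHOLD:
            continue  # DPI is never started for this flow
        sigs = dpi_stage(tup, packets)
        if sigs:
            alerts.append({"flow": tup, "flow_rules": matched, "signatures": sigs})
    return alerts

# Constructed sample input: two flows and one captured payload for each.
A = FiveTuple("10.0.0.5", "10.0.1.9", 40112, 80, "tcp")
B = FiveTuple("10.0.0.7", "10.0.1.9", 40200, 80, "tcp")
FLOWS = {A: {"pkts": 6000, "bytes": 360000, "secs": 10, "syn": 100},
         B: {"pkts": 40, "bytes": 48000, "secs": 10, "syn": 1}}
PACKETS = [(A, b"GET /item?id=1 UNION SELECT name FROM users HTTP/1.1"),
           (B, b"GET /docs/../../etc/hosts HTTP/1.1")]
```

Flow B carries a payload that the path_traversal pattern would match, but no flow rule fires for it, so it never reaches the packet inspection stage. That is the trade-off of gating inspection on flow features: resources are saved, and anything that looks normal at flow level goes uninspected.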
Keywords/Search Tags: Compound, Security Event, Network Alarm, Modular